Seems to me you are referring to BREACH. There is no single update that will fix your web server for good, instead you will have to implement one or more workarounds to make BREACH not feasible attack vector anymore.
Possible mitigations are explained here: http://breachattack.com/ I've implemented a nginx rule that disables HTTP compression if there is no trusted "Referer" in the request header. Joseph Am 10.06.2015 um 11:32 schrieb Alejandro Betancor: > > Hello friends. > > > > I write to the list, because I’m using Debian Wheezy like a web server > with nginx 1.6.0. I update my nginx to fix the problem with gzip > compression, but I test the server and in this package we still have > the problem. I wanna know in wich version of nginx is fixed this > vulnerability. The CVE is CVE-2013-3587. > > > > Thanks and all the best. > > > > Alejandro Betancor > > > > > > >
